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The Trustworthy Cloud 


Webex by Cisco - and the EU Cloud Code of Conduct 


Privacy is a fundamental human right. This principle guides how we do what we do at Cisco and it’s why we 
embed privacy and security into our products and cloud services. 


In an increasingly complex world, customers no longer trust that their data is safe just because a cloud service 
provider (CSP) says so. As outlined in the New Trust Standard, customers expect (and even demand) that 
CSPs prove they are being good stewards of their data by applying the proper privacy and security controls 
and having compliance validated by an external third party. 


In May 2021, the EU Cloud Code of Conduct (EU Cloud CoC), was formally adopted by the Belgian Data 
Protection Authority, following approval by representatives of all 27 of the EU member states’ data protection 
authorities in the European Data Protection Board (EDPB). The EU Cloud CoC defines a foundational 
framework for privacy and security in cloud environments. This Code is designed to engender trust in the 
cloud and simplify customer risk assessments of CSPs. Cisco is proud to have been a founding member of 
the EU Cloud CoC’s General Assembly and a key contributor in developing this important, new framework 
and helping to make privacy principles actionable and real. We are excited that Webex is the first cloud 
collaboration platform whose declaration of adherence to the Code has been officially verified and approved. 


The EU Cloud CoC is the first transnational, EDPB-approved, verifiable assurance framework for CSPs to 
demonstrate adherence to GDPR. Working in concert with the European data protection authorities and 
the European Commission, the EU Cloud CoC’s General Assembly created an officially recognized code 
that harmonizes interpretation of the law and application to all cloud offerings. By leveraging international 
standards, like ISO 27701 and 27018, the EU Cloud CoC ensures wide recognition and ease of verification 
against data protection expectations and regulations on a global basis. The EU Cloud CoC sets clear, 
actionable controls for CSPs and includes an independent monitoring function to assess compliance. 


Without user trust, cloud services cannot reach their full potential for transforming the way we work, live, play, 
and learn. Adherence to the EU Cloud CoC enables hundreds of millions of EU users to safely participate in 
digitization, innovation, and economic growth. 
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Webex — a blueprint for compliance 


When developing the EU Cloud CoC, the General Assembly wanted to make sure that it would be scalable 
and accessible for any sized organization to comply. We also wanted the EU Cloud CoC to be globally 
interoperable to meet EU/GDPR requirements and align to other internationally recognized frameworks. The 
International Organization for Standardization (ISO) and its security related certifications were a natural fit as 
security is foundational to privacy. Anchoring on ISO standards, the CoC adds individual rights and privacy 
controls that CSPs must implement. By building on familiar, rigorously tested industry standards, the CoC is 
poised to be widely accepted and rapidly adopted. 


Webex by Cisco (Webex) was built with privacy and security by design and is certified as compliant with ISO 
27001, 27017, 27018, 27701, SOC 2, C5, EU Binding Corporate Rules, and APEC Cross Border Privacy Rules 
System and Privacy Recognition for Processors requirements. With this foundation set, Webex was able to 
declare adherence to the EU Cloud CoC immediately after the European data protection authorities approved it. 


SCOPE Europe has verified Webex’s adherence by reviewing and confirming compliance with all 80 EU Cloud 
CoC controls holistically covering contractual, organizational, and technical requirements. This rigorous review 
and verification process is necessary for validation and trust in the EU Cloud CoC. 


In 2023, Webex - comprising Webex Meetings, Webex Messaging, and Webex Calling - achieved Level 3 
adherence with the EU Cloud Code of Conduct. Refer to the Verification of Declaration of Adherence (Level 3) 
to learn more about the adherence. 


Privacy by design. Trust through transparency. 


Security and privacy by design were central to the development of the EU Cloud CoC. Cisco’s experience and 
leadership in privacy engineering were instrumental in ensuring that controls were applied to the EU Cloud 
CoC to embed privacy from the onset - during the ideation and development phase. Privacy requirements are 
treated like any other core product feature in the product development process. Privacy by design and default 
and privacy impact assessments are essential in the development process and throughout the data lifecycle. 


In practice, the principles of privacy by design and default are embedded in the Cisco Secure Development 
Lifecycle (CSDL), a repeatable and measurable process designed to increase our product resiliency and 
trustworthiness. This secure development lifecycle uses a combination of people, processes, and tools 
throughout the product development process to help deliver on our principles of trust, transparency, and 
accountability. Since these are also key principles under the GDPR, we shared the leading practices and 
programmatic results of our CSDL process in developing the EU Cloud CoC. This included our training 
program for establishing a culture of security and privacy awareness across Cisco, and transparently sharing 
our Privacy Data Sheets and Privacy Data Maps with customers to show how we properly collect, process, 
use, and dispose of their personal data. 


What’s next for Cisco and the Code? 


Cisco continues to work with other members of the General Assembly to develop and enhance mechanisms 
and leading practices to demonstrate compliance and facilitate safe international data flows. We also take 

the lessons we are learning from our peers and are integrating them into our own processes, including 
updating the CSDL and EU Cloud CoC controls into the Cisco Cloud Controls Framework. We look forward to 
welcoming more members to the EU Cloud CoC and expect many more adherence declarations from CSPs in 
the coming months. 
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